NxtLvl.chat – Privacy Policy

Last Updated: 2025-10-20

Our Commitment to Your Privacy

At NxtLvl.chat, your privacy is our top priority. We’ve built our app with privacy-first principles and strong end-to-end encryption to ensure that your conversations remain private and secure. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

1. Information We Collect

1.1 Information You Provide

• Account Information: User ID and nickname for account creation

• Contact Information: Contact lists created through QR code exchanges (stored locally only)

• Message Content: Text messages and images you send (encrypted end-to-end)

• Vault Content: Private memos and pictures stored in your vault (encrypted locally)

1.2 Automatically Collected Information

• Device Information: Device type, operating system version (for app functionality)

• Usage Data: App crashes, performance metrics (for debugging and improvement)

• Push Notification Tokens: Generated by OneSignal for delivering notifications

• Connection Metadata: Timestamps, message delivery status (for reliable message delivery)

1.3 Information We Do NOT Collect

• ❌ Your message content (we cannot read encrypted messages)

• ❌ Your contact lists or phone numbers

• ❌ Your location data

• ❌ Your vault contents

• ❌ Your photos or media library (except photos you choose to send)

• ❌ Your browsing history or behavior outside the app

2. How We Use Your Information

2.1 Core Service Functionality

• Message Delivery: Routing encrypted messages between users

• Contact Management: Facilitating secure connections through QR codes

• Notifications: Alerting you to new messages via push notifications

• Account Management: Maintaining your user account and settings

2.2 Security and Safety

• Encryption: Protecting your messages with end-to-end encryption

• Authentication: Securing your account with passwords and biometric options

• App Lock: Protecting access to your app with configurable timeouts

2.3 App Improvement

• Bug Fixes: Identifying and resolving technical issues

• Performance: Optimizing app speed and reliability

• Feature Development: Understanding usage patterns to improve features

3. End-to-End Encryption

3.1 What This Means

• Military-Grade Encryption: All messages are encrypted using industry-standard AES-256-GCM encryption

• Zero Knowledge: We cannot read, access, or decrypt your messages

• Local Key Storage: Encryption keys are generated and stored only on your device

• Secure Key Exchange: Cryptographic keys are exchanged securely between users

• Forward Secrecy: Keys rotate automatically to protect past conversations

3.2 What We See

We can only see:

• ✅ Encrypted message payloads (unreadable ciphertext)

• ✅ Metadata (sender, recipient, timestamp)

• ✅ Delivery status

We cannot see:

• ❌ Message content

• ❌ Images or media content

• ❌ Vault items

• ❌ Contact names or details

4. Data Storage

4.1 Local Storage (On Your Device)

The following data is stored locally on your device in encrypted format:

• All your messages and conversation history

• Your contacts and their details

• Vault items (private memos and pictures)

• Encryption keys

• App settings and preferences

Important: This data is protected by your password or biometric authentication. If you lose your password, this data cannot be recovered.

4.2 Server Storage (Temporary)

Our servers temporarily store:

• Encrypted message payloads: Until delivered to recipients

• Metadata: Delivery timestamps and status information

• Self-Destruct Messages: Automatically deleted according to retention delay settings

Data Retention: Messages are deleted from servers after successful delivery or according to your self-destruct settings.

4.3 No Cloud Backup

• We do not back up your encrypted data to any cloud service

• Your device backups (iCloud/iTunes) may include app data

• Encrypted data in device backups remains encrypted and requires your password

5. Third-Party Services

5.1 Twilio

We use Twilio to send you validation code IF you choose to provide your phone number.

What Twilio Receives:

• Your phone number

What Twilio Does NOT Receive:

• Your message content

• Your contact list

• Your vault contents

OneSignal Privacy Policy: https://www.twilio.com/en-us/legal/privacy

5.2 Apple Services

As an iOS app, certain Apple services are used:

• App Store: For app distribution and updates

• Push Notification Service (APNs): For delivering notifications

• iCloud (optional): Only if you back up your device

Apple Privacy Policy: https://www.apple.com/legal/privacy/

6. Data Sharing and Disclosure

6.1 We Do Not Sell Your Data

We never sell, rent, or trade your personal information to third parties for marketing purposes.

6.2 Limited Sharing

We only share data in these specific circumstances:

Service Providers:

• Hosting providers (for server infrastructure)

• These providers are contractually obligated to protect your data

Legal Requirements:

We may disclose information if required by law, such as:

• Valid court orders or subpoenas

• Legal processes or government requests

• Protecting our rights, property, or safety

• Note: Due to end-to-end encryption, we cannot provide message or vault content even if legally required

Business Transfers:

If NxtLvl.chat is acquired or merged, your data may be transferred. You will be notified of any such change.

7. Your Privacy Rights

7.1 Access and Control

You have the right to:

• ✅ Access your data through the app

• ✅ Delete individual messages or entire conversations

• ✅ Export your data (manually, by viewing in-app)

• ✅ Delete your account and all associated data

7.2 Account Deletion

To delete your account:

1. Go to Settings

1. Select “Wipe Account Data”

1. Confirm deletion

Effect of Deletion:

• Your account will be permanently deleted

• All your local data will be erased

• Messages you sent remain in recipients’ devices (due to E2EE architecture)

• This action cannot be undone

7.3 Communication Preferences

You can control:

• Push notification settings (in device settings)

• App lock timeout duration

• Self-destruct message timers

7.4 Regional Privacy Rights

California Residents (CCPA):

• Right to know what personal information is collected

• Right to delete personal information

• Right to opt-out of data sales (we don’t sell data)

• Right to non-discrimination

European Users (GDPR):

• Right of access, rectification, and erasure

• Right to data portability

• Right to object to processing

• Right to lodge a complaint with supervisory authorities

Other Jurisdictions: Contact us to exercise your privacy rights.

8. Data Security

8.1 Security Measures

We implement multiple layers of security:

• End-to-End Encryption: Military-grade AES-256-GCM

• Local Encryption: All local data encrypted with your password

• Secure Key Exchange: Cryptographic protocols for key establishment

• App Lock: Biometric and password protection

• Secure Transport: TLS/SSL for all server connections

• Key Rotation: Automatic encryption key updates for forward secrecy

8.2 Your Responsibility

Security also depends on you:

• Use a strong, unique password

• Enable biometric authentication (Face ID/Touch ID)

• Keep your device secure with a passcode

• Don’t share your password with anyone

• Keep your device’s OS updated

8.3 Limitations

While we implement strong security:

• No system is 100% secure

• Device compromise can expose data

• Lost passwords cannot be recovered

• We cannot guarantee absolute protection

9. Children’s Privacy

9.1 Age Restrictions

• NxtLvl.chat is intended for users 4 years and older

• We do not knowingly collect data from children under 13

• If you are under 18, you must have parental consent

9.2 Parental Rights

If you believe your child under 4 is using the app:

• Contact us immediately at [privacy@nxtlvl.chat]

• We will delete the account and associated data

10. International Data Transfers

10.1 Data Location

• Your local data remains on your device

• Server data may be stored in Switzerland

• Data may be transferred internationally for service functionality

10.2 Protection Measures

When transferring data internationally, we ensure:

• Compliance with applicable data protection laws

• Adequate safeguards for data protection

• Encryption in transit and at rest

11. Data Retention

11.1 Local Data

• Stored indefinitely on your device until you delete it

• Automatically deleted if you delete the app or your account

11.2 Server Data

• Messages: Deleted after successful delivery or according to burn delay

• Metadata: Retained for up to 30 days for operational purposes

• Account Data: Retained until account deletion

• Logs: Retained for up to 90 days for debugging and security

11.3 Self-Destructing Messages

• Automatically deleted from servers according to your configured server retention

• Recipients’ local copies deleted based on your burn delay

• Permanent: Cannot be recovered after deletion

12. Cookies and Tracking

12.1 No Web Tracking

• We do not use cookies (this is a native app)

• We do not track your browsing activity

• We do not use advertising trackers

12.2 Analytics

• We collect minimal usage analytics for app improvement

• No personally identifiable information in analytics

• Analytics data is anonymized and aggregated

13. Changes to This Privacy Policy

13.1 Updates

• We may update this Privacy Policy from time to time

• Material changes will be notified through the app or email

• Continued use after changes constitutes acceptance

• Previous versions will be archived and available on request

13.2 Notification

We will notify you of material changes via:

• Updated “Last Modified” date at the top

14. Contact Us

14.1 Privacy Questions

For privacy-related questions or concerns:

Email: [privacy@nxtlvl.chat]

Support: [support@nxtlvl.chat]

Website: [www.nxtlvl.chat]

14.2 Data Requests

To exercise your privacy rights or request data:

• Email us at [privacy@nxtlvl.chat]

• Include your user ID and specific request

• We will respond within 30 days

14.3 Security Issues

To report security vulnerabilities:

• Email: [support@nxtlvl.chat]

• We appreciate responsible disclosure

15. Legal Basis for Processing (GDPR)

We process your data based on:

• Consent: When you create an account and use the app

• Contract Performance: To provide messaging services

• Legitimate Interests: For security, fraud prevention, and app improvement

• Legal Obligation: When required by law

Key Privacy Highlights

✅ End-to-end encrypted – We cannot read your messages

✅ Local storage – Your data stays on your device

✅ No data sales – We never sell your information

✅ Minimal collection – We only collect what’s necessary

✅ Your control – Delete your data anytime

✅ Transparent – Clear about what we do and don’t collect

✅ Secure – Multiple layers of protection

✅ Privacy-first – Built with privacy as a core principle

Privacy Policy Summary

What We Can’t See (End-to-End Encrypted):

• Your messages

• Your images

• Your vault contents

• Your contact names

• Your conversations

What We Can See (For Service Operation):

• Your user ID

• Encrypted message payloads (unreadable)

• Delivery timestamps

• Connection metadata

What We Store:

• On Your Device: Everything (encrypted)

• On Our Servers: Encrypted messages (temporarily until delivered)

What We Don’t Do:

• Sell your data

• Read your messages

• Share with advertisers

• Track your location

• Access your vault

By using NxtLvl.chat, you acknowledge that you have read and understood this Privacy Policy.